Hey all, I was just hacked, and I cannot tell from where! I am looking thru logs and I see that calls were made (I caught it early so there werent many) but I cannot see from which profile in my users.conf they were made from.
The callerid on the outbound calls was "new user" <905731xxxx> which is my outgoing CID with a different name... Everytime the channel name was SIP/s-b538c888 and it looks like he was dialing direct from "dialplan" - my main everyone context. When I found it he was sequential dialing 15754941xxx #s and I re-routed a call to my desk and it was a phishing scam for chemo federal credit union. What can I do to gather more data on this and keep people out for good? Thanks, Jason
